RE: [Intel-wired-lan] [PATCH v2] e1000e: Modify tx/rx configurations to avoid null pointer dereferences in e1000_open
> From: Intel-wired-lan [mailto:intel-wired-lan-boun...@lists.osuosl.org] On > Behalf Of Jia-Ju Bai > Sent: Wednesday, August 05, 2015 3:16 AM > To: Kirsher, Jeffrey T; Brandeburg, Jesse > Cc: net...@vger.kernel.org; Jia-Ju Bai; intel-wired-...@lists.osuosl.org; > linux-kernel@vger.kernel.org > Subject: [Intel-wired-lan] [PATCH v2] e1000e: Modify tx/rx configurations > to avoid null pointer dereferences in e1000_open > > When e1000e_setup_rx_resources is failed in e1000_open, > e1000e_free_tx_resources in "err_setup_rx" segment is executed. > "writel(0, tx_ring->head)" statement in e1000_clean_tx_ring > in e1000e_free_tx_resources will cause a null poonter dereference(crash), > because "tx_ring->head" is only assigned in e1000_configure_tx > in e1000_configure, but it is after e1000e_setup_rx_resources. > > This patch moves head/tail register writing to e1000_configure_tx/rx, > which can fix this problem. It is inspired by igb_configure_tx_ring > in the igb driver. > > Specially, thank Alexander Duyck for his valuable suggestion. > > Signed-off-by: Jia-Ju Bai > --- > drivers/net/ethernet/intel/e1000e/netdev.c | 24 --- > - > 1 file changed, 12 insertions(+), 12 deletions(-) Tested-by: Aaron Brown -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
RE: [Intel-wired-lan] [PATCH v2] e1000e: Modify tx/rx configurations to avoid null pointer dereferences in e1000_open
From: Intel-wired-lan [mailto:intel-wired-lan-boun...@lists.osuosl.org] On Behalf Of Jia-Ju Bai Sent: Wednesday, August 05, 2015 3:16 AM To: Kirsher, Jeffrey T; Brandeburg, Jesse Cc: net...@vger.kernel.org; Jia-Ju Bai; intel-wired-...@lists.osuosl.org; linux-kernel@vger.kernel.org Subject: [Intel-wired-lan] [PATCH v2] e1000e: Modify tx/rx configurations to avoid null pointer dereferences in e1000_open When e1000e_setup_rx_resources is failed in e1000_open, e1000e_free_tx_resources in err_setup_rx segment is executed. writel(0, tx_ring-head) statement in e1000_clean_tx_ring in e1000e_free_tx_resources will cause a null poonter dereference(crash), because tx_ring-head is only assigned in e1000_configure_tx in e1000_configure, but it is after e1000e_setup_rx_resources. This patch moves head/tail register writing to e1000_configure_tx/rx, which can fix this problem. It is inspired by igb_configure_tx_ring in the igb driver. Specially, thank Alexander Duyck for his valuable suggestion. Signed-off-by: Jia-Ju Bai baijiaju1...@163.com --- drivers/net/ethernet/intel/e1000e/netdev.c | 24 --- - 1 file changed, 12 insertions(+), 12 deletions(-) Tested-by: Aaron Brown aaron.f.br...@intel.com -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v2] e1000e: Modify tx/rx configurations to avoid null pointer dereferences in e1000_open
On 08/05/2015 06:43 PM, Jeff Kirsher wrote: Is your intention that this patch replace the existing patch: http://patchwork.ozlabs.org/patch/502990/ ...which is currently in my queue? Okay, please replace the previous patch. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v2] e1000e: Modify tx/rx configurations to avoid null pointer dereferences in e1000_open
On Wed, 2015-08-05 at 18:16 +0800, Jia-Ju Bai wrote: > When e1000e_setup_rx_resources is failed in e1000_open, > e1000e_free_tx_resources in "err_setup_rx" segment is executed. > "writel(0, tx_ring->head)" statement in e1000_clean_tx_ring > in e1000e_free_tx_resources will cause a null poonter > dereference(crash), > because "tx_ring->head" is only assigned in e1000_configure_tx > in e1000_configure, but it is after e1000e_setup_rx_resources. > > This patch moves head/tail register writing to e1000_configure_tx/rx, > which can fix this problem. It is inspired by igb_configure_tx_ring > in the igb driver. > > Specially, thank Alexander Duyck for his valuable suggestion. > > Signed-off-by: Jia-Ju Bai > --- > drivers/net/ethernet/intel/e1000e/netdev.c | 24 > > 1 file changed, 12 insertions(+), 12 deletions(-) Is your intention that this patch replace the existing patch: http://patchwork.ozlabs.org/patch/502990/ ...which is currently in my queue? signature.asc Description: This is a digitally signed message part
[PATCH v2] e1000e: Modify tx/rx configurations to avoid null pointer dereferences in e1000_open
When e1000e_setup_rx_resources is failed in e1000_open, e1000e_free_tx_resources in "err_setup_rx" segment is executed. "writel(0, tx_ring->head)" statement in e1000_clean_tx_ring in e1000e_free_tx_resources will cause a null poonter dereference(crash), because "tx_ring->head" is only assigned in e1000_configure_tx in e1000_configure, but it is after e1000e_setup_rx_resources. This patch moves head/tail register writing to e1000_configure_tx/rx, which can fix this problem. It is inspired by igb_configure_tx_ring in the igb driver. Specially, thank Alexander Duyck for his valuable suggestion. Signed-off-by: Jia-Ju Bai --- drivers/net/ethernet/intel/e1000e/netdev.c | 24 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c index 89d788d..3aee51b 100644 --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -1737,12 +1737,6 @@ static void e1000_clean_rx_ring(struct e1000_ring *rx_ring) rx_ring->next_to_clean = 0; rx_ring->next_to_use = 0; adapter->flags2 &= ~FLAG2_IS_DISCARDING; - - writel(0, rx_ring->head); - if (adapter->flags2 & FLAG2_PCIM2PCI_ARBITER_WA) - e1000e_update_rdt_wa(rx_ring, 0); - else - writel(0, rx_ring->tail); } static void e1000e_downshift_workaround(struct work_struct *work) @@ -2447,12 +2441,6 @@ static void e1000_clean_tx_ring(struct e1000_ring *tx_ring) tx_ring->next_to_use = 0; tx_ring->next_to_clean = 0; - - writel(0, tx_ring->head); - if (adapter->flags2 & FLAG2_PCIM2PCI_ARBITER_WA) - e1000e_update_tdt_wa(tx_ring, 0); - else - writel(0, tx_ring->tail); } /** @@ -2954,6 +2942,12 @@ static void e1000_configure_tx(struct e1000_adapter *adapter) tx_ring->head = adapter->hw.hw_addr + E1000_TDH(0); tx_ring->tail = adapter->hw.hw_addr + E1000_TDT(0); + writel(0, tx_ring->head); + if (adapter->flags2 & FLAG2_PCIM2PCI_ARBITER_WA) + e1000e_update_tdt_wa(tx_ring, 0); + else + writel(0, tx_ring->tail); + /* Set the Tx Interrupt Delay register */ ew32(TIDV, adapter->tx_int_delay); /* Tx irq moderation */ @@ -3275,6 +3269,12 @@ static void e1000_configure_rx(struct e1000_adapter *adapter) rx_ring->head = adapter->hw.hw_addr + E1000_RDH(0); rx_ring->tail = adapter->hw.hw_addr + E1000_RDT(0); + writel(0, rx_ring->head); + if (adapter->flags2 & FLAG2_PCIM2PCI_ARBITER_WA) + e1000e_update_rdt_wa(rx_ring, 0); + else + writel(0, rx_ring->tail); + /* Enable Receive Checksum Offload for TCP and UDP */ rxcsum = er32(RXCSUM); if (adapter->netdev->features & NETIF_F_RXCSUM) -- 1.7.9.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[PATCH v2] e1000e: Modify tx/rx configurations to avoid null pointer dereferences in e1000_open
When e1000e_setup_rx_resources is failed in e1000_open, e1000e_free_tx_resources in err_setup_rx segment is executed. writel(0, tx_ring-head) statement in e1000_clean_tx_ring in e1000e_free_tx_resources will cause a null poonter dereference(crash), because tx_ring-head is only assigned in e1000_configure_tx in e1000_configure, but it is after e1000e_setup_rx_resources. This patch moves head/tail register writing to e1000_configure_tx/rx, which can fix this problem. It is inspired by igb_configure_tx_ring in the igb driver. Specially, thank Alexander Duyck for his valuable suggestion. Signed-off-by: Jia-Ju Bai baijiaju1...@163.com --- drivers/net/ethernet/intel/e1000e/netdev.c | 24 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c index 89d788d..3aee51b 100644 --- a/drivers/net/ethernet/intel/e1000e/netdev.c +++ b/drivers/net/ethernet/intel/e1000e/netdev.c @@ -1737,12 +1737,6 @@ static void e1000_clean_rx_ring(struct e1000_ring *rx_ring) rx_ring-next_to_clean = 0; rx_ring-next_to_use = 0; adapter-flags2 = ~FLAG2_IS_DISCARDING; - - writel(0, rx_ring-head); - if (adapter-flags2 FLAG2_PCIM2PCI_ARBITER_WA) - e1000e_update_rdt_wa(rx_ring, 0); - else - writel(0, rx_ring-tail); } static void e1000e_downshift_workaround(struct work_struct *work) @@ -2447,12 +2441,6 @@ static void e1000_clean_tx_ring(struct e1000_ring *tx_ring) tx_ring-next_to_use = 0; tx_ring-next_to_clean = 0; - - writel(0, tx_ring-head); - if (adapter-flags2 FLAG2_PCIM2PCI_ARBITER_WA) - e1000e_update_tdt_wa(tx_ring, 0); - else - writel(0, tx_ring-tail); } /** @@ -2954,6 +2942,12 @@ static void e1000_configure_tx(struct e1000_adapter *adapter) tx_ring-head = adapter-hw.hw_addr + E1000_TDH(0); tx_ring-tail = adapter-hw.hw_addr + E1000_TDT(0); + writel(0, tx_ring-head); + if (adapter-flags2 FLAG2_PCIM2PCI_ARBITER_WA) + e1000e_update_tdt_wa(tx_ring, 0); + else + writel(0, tx_ring-tail); + /* Set the Tx Interrupt Delay register */ ew32(TIDV, adapter-tx_int_delay); /* Tx irq moderation */ @@ -3275,6 +3269,12 @@ static void e1000_configure_rx(struct e1000_adapter *adapter) rx_ring-head = adapter-hw.hw_addr + E1000_RDH(0); rx_ring-tail = adapter-hw.hw_addr + E1000_RDT(0); + writel(0, rx_ring-head); + if (adapter-flags2 FLAG2_PCIM2PCI_ARBITER_WA) + e1000e_update_rdt_wa(rx_ring, 0); + else + writel(0, rx_ring-tail); + /* Enable Receive Checksum Offload for TCP and UDP */ rxcsum = er32(RXCSUM); if (adapter-netdev-features NETIF_F_RXCSUM) -- 1.7.9.5 -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH v2] e1000e: Modify tx/rx configurations to avoid null pointer dereferences in e1000_open
On Wed, 2015-08-05 at 18:16 +0800, Jia-Ju Bai wrote: When e1000e_setup_rx_resources is failed in e1000_open, e1000e_free_tx_resources in err_setup_rx segment is executed. writel(0, tx_ring-head) statement in e1000_clean_tx_ring in e1000e_free_tx_resources will cause a null poonter dereference(crash), because tx_ring-head is only assigned in e1000_configure_tx in e1000_configure, but it is after e1000e_setup_rx_resources. This patch moves head/tail register writing to e1000_configure_tx/rx, which can fix this problem. It is inspired by igb_configure_tx_ring in the igb driver. Specially, thank Alexander Duyck for his valuable suggestion. Signed-off-by: Jia-Ju Bai baijiaju1...@163.com --- drivers/net/ethernet/intel/e1000e/netdev.c | 24 1 file changed, 12 insertions(+), 12 deletions(-) Is your intention that this patch replace the existing patch: http://patchwork.ozlabs.org/patch/502990/ ...which is currently in my queue? signature.asc Description: This is a digitally signed message part
Re: [PATCH v2] e1000e: Modify tx/rx configurations to avoid null pointer dereferences in e1000_open
On 08/05/2015 06:43 PM, Jeff Kirsher wrote: Is your intention that this patch replace the existing patch: http://patchwork.ozlabs.org/patch/502990/ ...which is currently in my queue? Okay, please replace the previous patch. -- To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
